.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: Firebase, a Backend-as-a-Service offering from Google that is marketed towards mobile app developers .
The take: Over 100 million records from thousands of mobile apps, including plaintext user id & password combinations, GPS location records, financial records, health records and session tokens.
The attack vector: Security researchers discovered that the default configuration for Firebase databases does not secure data or require authentication, allowing unauthorized third parties to view and exfiltrate application data.
SydneyMorningHerald: A former AMP contract worker who tried to install a dark web browser on his work laptop after downloading personal identification of 20 customers has pleaded guilty to taking the sensitive data from the financial services company. The Chinese national faced the Downing Centre Local Court on Thursday, charged with possessing identification information with the intention of committing and facilitating the commission of an indictable offence...
Reuters: Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cyber security researchers said, in what a company executive described as a potentially catastrophic attack. The attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cyber security firm Recorded Future..
FinancialPost: Cyber security incidents have become the new normal for Canadian companies, with one hundred per cent of organizations experiencing attacks, according to the findings of a new study from Scalar Decisions Inc. of more than 400 Canadian IT and security workers. Released today, the 2019 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that cyber security incidents are occurring on a regular basis and the cost of these compromises is at an all-time high. The average cost per organization of responding to, and recovering from, cyber security incidents increased to between $4.8 million to $5.8 million, up from $3.7 million last year...
SMH: National security agencies are continuing to scour the Parliament's computer network for threats to MPs' data after what is being described as a "sophisticated" hack attack that could be the work of a foreign government. The hacking comes just three months ahead of the federal election, prompting fears that if MPs emails or data were stolen they could be used to cause political interference of the style Russia perpetrated against the United States in the 2016 presidential campaign...
CBC: Online attacks on Canada's financial system could become far more destructive as more militaries around the globe get involved in cyber operations, a security expert and former CIA analyst told a House of Commons committee Wednesday. Christopher Porter, the chief intelligence strategist for the cyber security company Fireeye, Inc., testified that as NATO countries share their expertise on how to defend against and defeat online threats, "major cyber powers outside the alliance" will likely do the same...
CyberDefenseMagazine: New York’s position as a financial capital makes the city especially vulnerable to cyber attacks. Although Manhattan is an established gateway for financial services and business in general, it’s still developing as a cyber hub. As hackers’ tools become increasingly sophisticated, it’s no secret that there’s room for improvement in cybersecurity in NYC. To address this urgent need, the New York City Economic Development Corporation (NYCEDC) unveiled Cyber NYC, a huge initiative to transform NYC into a global leader in cybersecurity innovation and talent through collaborations with world-renowned partners in tech, academia, and finance...
NationalPost: Foreign hackers have targeted Canadian banks, mining companies and government institutions in recent years to steal valuable secrets and spread malware, a leading cybersecurity analyst warns. In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye...
JPost: Iran is likely to expand its cyber espionage activities as its relations with Western powers worsen, the European Union digital security agency. Online disinformation campaigns in recent years as the country tries to strengthen its clout in the Middle East and beyond, a Reuters Special Report published in November found. This month the European Union imposed its first sanctions on Iran since world powers agreed a 2015 nuclear deal with Teheran, in a reaction to Iran's ballistic missile tests and assassination plots on European soil...
A team of former US government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world’s superpowers and into the hands of smaller nations...
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy